DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

West Virginia Supreme Court affirms HIPAA does not pre-empt state law tort claims for privacy violations

Posted on December 7, 2012 by Dissent

I seem to have missed a lawsuit that may be of interest to readers.  Back in September, Bordas & Bordas, PLLC  wrote:

… What if our private information is released without our permission? What if it falls into the hands of someone who can actually cause us harm?

These aren’t abstract or hypothetical questions. The danger is real, and there’s a case before the West Virginia Supreme Court that shows us just how real it is R.K. vs. St. Mary’s Medical Center, Inc., No. 11-0924.

Consider these facts. R.K. was admitted to St. Mary’s Medical Center for a psychiatric illness. R.K. was also going through a divorce. During his hospitalization, employees of the hospital illegally accessed his private medical records. To add insult to injury, they proceeded to provide copies of the records to R.K.’s wife and divorce attorney. R.K. sued the hospital, alleging a wide variety of state-law claims.

Amazingly, the hospital managed to get the lawsuit dismissed by arguing that since HIPAA doesn’t provide for a private cause of action, there can be no state-level private cause of action for a privacy violation of this kind.

That’s just plain wrong, of course, and R.K. appealed the dismissal in September.  Yesterday, Bordas & Bordas provided a welcome update:

You may remember that in R. K. vs. St. Mary’s Medical Center, Inc., 2012 WL 5834577, a hospital employee illegally accessed the plaintiff’s psychiatric records and then forwarded them to the plaintiff’s estranged wife and her divorce attorney. The plaintiff sued the hospital, claiming that state law provided a remedy for this scandalous behavior. The hospital asked the trial court to dismiss the case, arguing that HIPAA preempted any and all state laws relating to medical rights privacy. Because HIPAA itself didn’t provide a remedy the hospital was, in reality, asking for a free pass.

Thankfully, the West Virginia Supreme Court refused to accept the hospital’s bizarre argument. Even though HIPAA is meant to protect privacy rights, the hospital was twisting it to mean that HIPAA violations would go unpunished. This interpretation was rejected out of hand:

[S]tate common law claims for the wrongful disclosure of medical or personal health information are not inconsistent with HIPAA. Rather, …such state law claims complement HIPAA by enhancing the penalties for its violation and thereby encouraging HIPAA compliance. Accordingly, we now hold that common law tort claims based upon the wrongful disclosure of medical or personal health information are not preempted by the Health Insurance Portability and Accountability Act of 1996.

Here’s the court’s opinion of November 15 and Chief Justice Ketchum’s dissenting opinion.

Related posts:

  • Small-Scale Violations of Medical Privacy Often Cause the Most Harm
  • Updating: CaptureRx incident impacted more than 2.4 million. List of Entities.
Category: Health Data

Post navigation

← Stratfor hack update: Barrett Brown indicted
State Farm and Nationwide fail to convince WV Supreme Court to let them retain – and share – medical records obtained under protective orders →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Qantas customers involved in mammoth data breach
  • CMS Sending Letters to 103,000 Medicare beneficiaries whose info was involved in a Medicare.gov breach.
  • Esse Health provides update about April cyberattack and notifies 263,601 people
  • Terrible tales of opsec oversights: How cybercrooks get themselves caught
  • International Criminal Court hit with cyber attack during NATO summit
  • Pembroke Regional Hospital reported canceling appointments due to service delays from “an incident”
  • Iran-linked hackers threaten to release emails allegedly stolen from Trump associates
  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.